A toggle for svg

Bug reports and enhancement requests
Post Reply
informak98
Posts: 2
Joined: Fri Sep 10, 2021 9:37 pm

A toggle for svg

Post by informak98 »

Is there a way to allowing enable/disable svg with noscript. I ask because it would be very useful in Tor browser in safest setting instead of changing safety setting we could use noscript to enable svg graphics for trusted sites.
Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: A toggle for svg

Post by barbaz »

This is not currently a feature of NoScript. What security threat would this protect against?
*Always* check the changelogs BEFORE updating that important software!
-
informak98
Posts: 2
Joined: Fri Sep 10, 2021 9:37 pm

Re: A toggle for svg

Post by informak98 »

XSS attacks (which noscript already solves), HTML injection, Billion Laughs Attacks, DOS attacks, etc.
Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Asphyx
Junior Member
Posts: 23
Joined: Mon Oct 04, 2021 8:40 am

Re: A toggle for svg

Post by Asphyx »

I wrote a Userscript for a button to toggle SVG. Works fine but unfortunally, Torbrowser bundles this setting with NoScript-settings. When switch off SVG, all individual NoScript-settings are removed. :-(

Code: Select all

// buttonToggleSVG.uc.js

(function() {
   if (location != 'chrome://browser/content/browser.xhtml')
      return;
   try {
      CustomizableUI.createWidget({
         id: 'toolbar-button-svg',
         type: 'custom',
         defaultArea: CustomizableUI.AREA_NAVBAR,
         onBuild: function(aDocument) {
            var button = aDocument.createElementNS('http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul', 'toolbarbutton');
            var attributes = {
               id: 'toolbar-button-svg',
               class: 'toolbarbutton-1 chromeclass-toolbar-additional',
               removable: 'true',
               label: 'SVG ein-/ausschalten',             
               tooltiptext: Services.prefs.getBoolPref('svg.disabled') ?
                  'SVG ist ausgeschaltet' : 'SVG ist eingeschaltet',
               oncommand: '(' + onCommand.toString() + ')()'
            };
            for (var a in attributes) {
               button.setAttribute(a, attributes[a]);
            };
            function onCommand() {
               var isEnabled = !Services.prefs.getBoolPref('svg.disabled');
               Services.prefs.setBoolPref('svg.disabled', isEnabled);
               var windows = Services.wm.getEnumerator('navigator:browser');
               while (windows.hasMoreElements()) {
                  let button = windows.getNext().document.getElementById('toolbar-button-svg');
                  button.setAttribute('tooltiptext', isEnabled ? 'SVG ist ausgeschaltet' : 'SVG ist eingeschaltet')
               };
            };
            return button;
         }
      });
   } catch(e) { };

   var css =
      '#toolbar-button-svg[tooltiptext="SVG ist ausgeschaltet"] {list-style-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQBAMAAADt3eJSAAAAMFBMVEX8Bgf8jY78UVD819j8Ly/8cXH8sbD8/fsAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAADgFoczAAAACXBIWXMAAAsSAAALEgHS3X78AAAAm0lEQVQIHQGQAG//AHd3d3d3d3d3AHEENFcwM0AXADAAEidgdAAHABASFUcUMEUHAFR3YQdSEDdnAFA3dgclVHd3ABAFcwNBJHEXADAAZwYGIjADAHYAV0UDJDADAHcwJyQHVHMDABdyV1BHEDMDACIQFxAnMEUDACAAN2BXdAADADQBdzAXc0AXAHd3d3d3d3d3AHd3d3d3d3d3al0faWEjzO4AAAAASUVORK5CYII=");}' +
      '#toolbar-button-svg[tooltiptext="SVG ist eingeschaltet"] {list-style-image: url("data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAABAAAAAQBAMAAADt3eJSAAAAMFBMVEUH/geO/o5Q/lDU/tQv/i+w/rBx/nH5/vkAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAACA6l3BAAAACXBIWXMAAAsSAAALEgHS3X78AAAAm0lEQVQIHQGQAG//AHd3d3d3d3d3AHEENGcwM0QXADAAEidQdAAHABASFkcUMEYHAGR3UQdiEDdXAGA3dQcmZHd3ABAGcwNBJHEXADAAVwUFIjADAHUAZ0YDJDADAHc0JyQHZHMDABdyZ2BHEDMDACIQFxAnMEYDACAAN1BndAADADQBdzAXc0AXAHd3d3d3d3d3AHd3d3d3d3d3hDEfwz+POEwAAAAASUVORK5CYII=");}';	  
   var stylesheet = document.createProcessingInstruction('xml-stylesheet', 'type="text/css" href="data:text/css;utf-8,' + encodeURIComponent(css) + '"');
   document.insertBefore(stylesheet, document.documentElement);
})();
Last edited by barbaz on Tue Nov 30, 2021 12:02 am, edited 1 time in total.
Reason: Add user script as sent by PM
--
Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
barbaz
Senior Member
Posts: 10834
Joined: Sat Aug 03, 2013 5:45 pm

Re: A toggle for svg

Post by barbaz »

Asphyx wrote: Mon Oct 25, 2021 9:27 am PS. Tried to insert the script here, but: "Ooops, something in your posting triggered my antispam filter...
Please use the "Back" button to modify your content and retry."
You could private message it to an active Support Team member and we can try to post it for you. PMs to forum staff are not spam-filtered, and the spam filter is more lenient on us.
*Always* check the changelogs BEFORE updating that important software!
-
Asphyx
Junior Member
Posts: 23
Joined: Mon Oct 04, 2021 8:40 am

Re: A toggle for svg

Post by Asphyx »

As written in the other thread, I found a solution:
user_pref("extensions.torbutton.noscript_persist", true);

I'll send you the script for SVG
--
Mozilla/5.0 (Windows NT 10.0; rv:78.0) Gecko/20100101 Firefox/78.0
Post Reply